Description
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105549
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041821
Mitigation, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0025.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041822
Scores
CVSS v3
6.5
EPSS
0.0007
EPSS Percentile
20.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (5)
vmware/esxi
6.0
vmware/esxi
6.5
vmware/esxi
6.7
vmware/fusion
10.0.0 - 10.1.5
vmware/workstation
14.0.0 - 14.1.5
Published
Oct 09, 2018
Tracked Since
Feb 18, 2026